BE
Bulk Equipment
Module 2 of 3
Getting started
Security Awareness Training

Passwords & Account Security

Learn how to create strong, memorable passwords and keep your work accounts safe from unauthorized access.

Why Passwords Matter

Your password is the lock on your HR portal, your email, and every other work account. If someone guesses or steals your password, they can access your personal information including your pay stubs, tax forms, home address, Social Security number, and bank account details.

The good newsCreating a strong password does not have to be complicated. The best passwords are long and easy for you to remember, but hard for a computer to guess. This module will show you exactly how.

Creating Strong Passwords

The single most important factor in password strength is length. A long password made of simple words is much harder to crack than a short password full of symbols.

The Passphrase Method

Instead of a single complicated word, use a passphrase: four or more random words strung together. Pick words that create a picture in your mind so you can remember them easily.

Weak Password
Truck#22
Cracked in minutes
Strong Passphrase
purple-fish-dances-Tuesday
Centuries to crack

The short password uses a common word with a symbol and number. An automated cracking program can guess this in minutes. The passphrase is 26 characters long and would take a computer centuries to crack, but you can picture a purple fish dancing on a Tuesday.

How to Make a Good Passphrase

  • Pick 4 or more random words. They should not be related to each other or to you personally. Avoid your name, birthday, pet's name, or favorite team.
  • Make it memorable. Imagine a silly picture or story. "green-hammock-sings-quietly" is easy to picture: a green hammock singing quietly.
  • Add a separator. Use dashes, spaces, or periods between words. This makes it even longer and easier to type.
  • Aim for 16+ characters. The longer the better. Four average words easily reach 20+ characters.
More examples"bright-cactus-window-seven" (26 characters). "Monday.umbrella.runs.North" (26 characters). "coffee-ladder-orange-quiet" (26 characters). Each is long, random, and easy to picture.

Protecting Your Accounts

Never Share Your Password

Your password is yours alone. No one at this company will ever need to know your password, including IT support, your manager, or HR. If someone asks for your password for any reason, that is a red flag.

ImportantIT support can reset your password if needed. They never need to know your current password. If anyone calls, emails, or asks you in person for your password, refuse and report it to your manager.

Do Not Reuse Passwords

Use a different password for your work accounts than you use for personal accounts (like Facebook, Netflix, or online shopping). If your personal account gets hacked and you used the same password at work, the attacker now has access to your work systems too.

This happens more than you thinkWhen a large website has a data breach, hackers take those stolen passwords and try them against other websites and work systems. If you reuse passwords, one breach can compromise everything.

Log Out When You Walk Away

If you use a shared computer or workstation, always log out when you are finished or stepping away, even for a few minutes. Lock your screen if you will be right back. On Windows, press Windows key + L to lock instantly.

What to Do If You Think Your Password Is Compromised

  • Change it immediately. Do not wait.
  • Tell your manager or IT. They can check for suspicious activity on your account.
  • Change it on any other accounts where you used the same password.

Quick Reference

Do:

  • Use a passphrase of 4+ random words (16+ characters).
  • Make it memorable by imagining a silly picture or story.
  • Use different passwords for work and personal accounts.
  • Lock your screen when you step away (Windows key + L).
  • Change your password right away if you think anyone else knows it.
  • Report it if anyone asks for your password.

Do Not:

  • Do not use short passwords like a single word with a number (Truck#22).
  • Do not use personal information (your name, birthday, pet's name, address).
  • Do not share your password with anyone, ever, for any reason.
  • Do not reuse your work password on personal websites.
  • Do not write passwords on sticky notes on your monitor or under your keyboard.
RememberA strong password is long and random. A passphrase like "green-hammock-sings-quietly" is far stronger than "P@ssw0rd!" and much easier to remember.

Knowledge Check

Answer all 5 questions. Read each scenario carefully before choosing.

Passing score: 80% (4 out of 5)
Question 1 of 5
Which of these passwords is the strongest?
Question 2 of 5
Someone from IT calls you and says they need your password to fix a problem with your email account. What should you do?
Question 3 of 5
Why is it dangerous to use the same password for your work HR portal and your personal social media account?
Question 4 of 5
What makes a passphrase like "coffee-ladder-orange-quiet" more secure than a traditional password like "C0ff33!"?
Question 5 of 5
You are leaving your desk for a short break. A coworker is nearby. What should you do with your computer?